Abstract

This chapter examines legal and technical issues that arise when considering strategic retaliatory countermeasures to cyber-attacks. Implications connected with endorsing techniques of active defense for nation-states are viewed alongside challenges faced by private entities. Proactive avenues for tackling cyber-security threats are evaluated and shortcomings within the international system of governance are analyzed. Retributive justice as a legal and philosophical concept is viewed through the lens of customary international law pertaining to use of force and self-defense. Difficulties in adapting rules governing kinetic warfare to instances of cyber-conflict are elucidated. The danger of executing counterstrikes for private entities is explained with reference to cross-border dilemmas, conflict of laws, and risks stemming from civil, criminal, and administrative liability. Protocols for safeguarding anonymity are observed and the problem of attribution is illustrated. Costs and benefits associated with adopting methods of active defense are presented and solutions to avoid accountability failure are recommended.

Background

In the wake of recent reports of persistent cyber-exploitation globally, coupled with disclosures concerning unabashed national cyber-surveillance programs (Gorman & Valentino-Devries, 2013), the issue of cyber-defense and retaliation is very topical (Limnell, 2014; Sorcher, 2015; Yadron, 2015). Following the lead of corporate giants like Google (Nakashima, 2013; Richmond, 2010), it seems nation-states and the private sector may resort to the use of forcible cyber-defense following instances of cyber-harm and transnational transgressions via the Internet (Kesan & Hayes, 2012; Messerschmidt, 2013). In 2010, Google announced that a group purportedly identified as the ‘Elderwood Gang’ (also known as the ‘Beijing Group’) infiltrated the Company’s network, and breached at least thirty other corporations based in the United States (Cha & Nakashima, 2014; Clayton, 2012). The attackers utilized malware known as Hydraq, also referred to as Aurora, in combination with a zero-day exploit (O’Gorman & McDonald, 2012). Nicknamed “Operation Aurora”, the cyber-attack was allegedly traced to servers located at two Chinese educational institutions (Kurtz, 2010; “Protecting your critical assets,” 2010). Once identified, it is reported that Google launched a counteroffensive targeting the perceived attack source (Sanger & Markoff, 2010).